From 9e3538c57df9855ff2f5c6384a00b740c2bec49a Mon Sep 17 00:00:00 2001 From: murgatroid99 Date: Thu, 28 Apr 2016 13:27:19 -0700 Subject: [PATCH 1/2] Load default roots.pem in Ruby via grpc_set_ssl_roots_override_callback --- src/ruby/ext/grpc/rb_channel_credentials.c | 28 ++++++++++++++++++++++ src/ruby/lib/grpc.rb | 11 ++++++--- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/src/ruby/ext/grpc/rb_channel_credentials.c b/src/ruby/ext/grpc/rb_channel_credentials.c index 10391bc9635..4c01859db7e 100644 --- a/src/ruby/ext/grpc/rb_channel_credentials.c +++ b/src/ruby/ext/grpc/rb_channel_credentials.c @@ -31,6 +31,8 @@ * */ +#include + #include #include "rb_grpc_imports.generated.h" #include "rb_channel_credentials.h" @@ -39,6 +41,7 @@ #include #include +#include #include #include "rb_call_credentials.h" @@ -48,6 +51,8 @@ grpc_channel_credentials. */ static VALUE grpc_rb_cChannelCredentials = Qnil; +static char *pem_root_certs = NULL; + /* grpc_rb_channel_credentials wraps a grpc_channel_credentials. It provides a * mark object that is used to hold references to any objects used to create * the credentials. */ @@ -236,6 +241,24 @@ static VALUE grpc_rb_channel_credentials_compose(int argc, VALUE *argv, return grpc_rb_wrap_channel_credentials(creds, mark); } +static grpc_ssl_roots_override_result get_ssl_roots_override( + char **pem_root_certs_ptr) { + *pem_root_certs_ptr = pem_root_certs; + if (pem_root_certs == NULL) { + return GRPC_SSL_ROOTS_OVERRIDE_FAIL; + } else { + return GRPC_SSL_ROOTS_OVERRIDE_OK; + } +} + +static VALUE grpc_rb_set_default_roots_pem(VALUE self, VALUE roots) { + char *roots_ptr = StringValueCStr(roots); + size_t length = strlen(roots_ptr); + pem_root_certs = gpr_malloc((length + 1) * sizeof(char)); + memcpy(pem_root_certs, roots_ptr, length + 1); + return Qnil; +} + void Init_grpc_channel_credentials() { grpc_rb_cChannelCredentials = rb_define_class_under(grpc_rb_mGrpcCore, "ChannelCredentials", rb_cObject); @@ -251,6 +274,11 @@ void Init_grpc_channel_credentials() { grpc_rb_channel_credentials_init_copy, 1); rb_define_method(grpc_rb_cChannelCredentials, "compose", grpc_rb_channel_credentials_compose, -1); + rb_define_module_function(grpc_rb_cChannelCredentials, + "set_default_roots_pem", + grpc_rb_set_default_roots_pem, 1); + + grpc_set_ssl_roots_override_callback(get_ssl_roots_override); id_pem_cert_chain = rb_intern("__pem_cert_chain"); id_pem_private_key = rb_intern("__pem_private_key"); diff --git a/src/ruby/lib/grpc.rb b/src/ruby/lib/grpc.rb index a56c49ff59e..79fa705b1c9 100644 --- a/src/ruby/lib/grpc.rb +++ b/src/ruby/lib/grpc.rb @@ -28,9 +28,6 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ssl_roots_path = File.expand_path('../../../../etc/roots.pem', __FILE__) -unless ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH'] - ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH'] = ssl_roots_path -end require_relative 'grpc/errors' require_relative 'grpc/grpc' @@ -42,3 +39,11 @@ require_relative 'grpc/generic/active_call' require_relative 'grpc/generic/client_stub' require_relative 'grpc/generic/service' require_relative 'grpc/generic/rpc_server' + +begin + file = File.open(ssl_roots_path) + roots = file.read + GRPC::Core::ChannelCredentials.set_default_roots_pem roots +ensure + file.close +end From 9003768b0af8dd3f51a534cb50baf7081f3caeb0 Mon Sep 17 00:00:00 2001 From: murgatroid99 Date: Thu, 28 Apr 2016 15:40:45 -0700 Subject: [PATCH 2/2] Fixed unused parameter error --- src/ruby/ext/grpc/rb_channel_credentials.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ruby/ext/grpc/rb_channel_credentials.c b/src/ruby/ext/grpc/rb_channel_credentials.c index 4c01859db7e..09bd3093a94 100644 --- a/src/ruby/ext/grpc/rb_channel_credentials.c +++ b/src/ruby/ext/grpc/rb_channel_credentials.c @@ -254,6 +254,7 @@ static grpc_ssl_roots_override_result get_ssl_roots_override( static VALUE grpc_rb_set_default_roots_pem(VALUE self, VALUE roots) { char *roots_ptr = StringValueCStr(roots); size_t length = strlen(roots_ptr); + (void)self; pem_root_certs = gpr_malloc((length + 1) * sizeof(char)); memcpy(pem_root_certs, roots_ptr, length + 1); return Qnil;